Version: v41

principal

principalstring

The account name

target_domain object

Optional target domain in which the principal exists

idstring<uuid>
namestring
deletedboolean
rotateboolean

Rotate password of this account

use_for_password_rotationboolean

Marks this account as the one through which password rotation is performed when the use_main_account flag is set in rotation_metadata

use_user_accountboolean

Use user account as host principal name

passphrasestring

The account's static passphrase, or the initial value of the rotating password. If rotate is selected, this field is active when creating the account and disabled/hidden when editing it

sourcestring

Identifies the source of the principal object: "UI" or "SCAN". Deploy is also treated as "UI".

roles object[]

An array of roles entitled to access this principal on the host

  • Array [
  • idstring<uuid>

    Role UUID

  • ]
  • applications object[]

    An array of applications the principal may launch on the target host

  • Array [
  • namestring
    applicationstring
    argumentsstring
    working_directorystring
  • ]
  • service_options object

    Object for service options

    ssh object

    SSH service options

    shellboolean

    Shell channel

    file_transferboolean

    File transfer channel

    execboolean

    exec channel

    tunnelsboolean

    tunnels

    x11boolean

    x11

    otherboolean

    other options

    rdp object

    RDP service options

    file_transferboolean

    file transfer

    audioboolean

    audio

    clipboardboolean

    clipboard

    web object

    WEB service options

    file_transferboolean

    file transfer

    audioboolean

    audio

    clipboardboolean

    clipboard

    vnc object

    VNC service options

    file_transferboolean

    file transfer

    clipboardboolean

    clipboard

    db object

    DB service options

    max_bytes_downloadinteger

    Maximum number of bytes allowed in download direction per connection. Set to zero to disable byte count limiting.

    max_bytes_uploadinteger

    Maximum number of bytes allowed in upload direction per connection. Set to zero to disable byte count limiting.

    command_restrictions object

    SSH shell/exec command restrictions for the principal

    enabledboolean

    Whether command restrictions are enabled

    default_whitelist object

    Default whitelist handle, required if command restrictions are enabled

    idstring<uuid>required

    Whitelist ID

    namestring

    Whitelist name

    deletedboolean

    Whether the whitelist has been deleted; ignored in requests

    rshell_variantstring

    Restricted shell variant, required if command restrictions are enabled

    Possible values: [bash, posix]

    bannerstring

    Optional banner displayed in SSH terminal

    allow_no_matchboolean

    If true, commands that do not match any whitelist pattern are still allowed to execute; in that case the whitelists do not block unmatched commands

    audit_matchboolean

    If true then an audit event is generated for every allowed command

    audit_no_matchboolean

    If true then an audit event is generated for every disallowed command

    whitelists object[]
  • Array [
  • whitelist object
    idstring<uuid>required

    Whitelist ID

    namestring

    Whitelist name

    deletedboolean

    Whether the whitelist has been deleted; ignored in requests

    roles object[]

    List of roles granting access to the whitelist

  • Array [
  • idstring<uuid>required

    Role ID

    namestring

    Role name

  • ]
  • ]
  • principal
    {
    "principal": "string",
    "target_domain": {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string",
    "deleted": true
    },
    "rotate": true,
    "use_for_password_rotation": true,
    "use_user_account": true,
    "passphrase": "string",
    "source": "string",
    "roles": [
    {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
    }
    ],
    "applications": [
    {
    "name": "string",
    "application": "string",
    "arguments": "string",
    "working_directory": "string"
    }
    ],
    "service_options": {
    "ssh": {
    "shell": true,
    "file_transfer": true,
    "exec": true,
    "tunnels": true,
    "x11": true,
    "other": true
    },
    "rdp": {
    "file_transfer": true,
    "audio": true,
    "clipboard": true
    },
    "web": {
    "file_transfer": true,
    "audio": true,
    "clipboard": true
    },
    "vnc": {
    "file_transfer": true,
    "clipboard": true
    },
    "db": {
    "max_bytes_download": 0,
    "max_bytes_upload": 0
    }
    },
    "command_restrictions": {
    "enabled": true,
    "default_whitelist": {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string",
    "deleted": true
    },
    "rshell_variant": "bash",
    "banner": "string",
    "allow_no_match": true,
    "audit_match": true,
    "audit_no_match": true,
    "whitelists": [
    {
    "whitelist": {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string",
    "deleted": true
    },
    "roles": [
    {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "name": "string"
    }
    ]
    }
    ]
    }
    }